What Is Shadow AI?
Shadow AI refers to the use of generative AI tools that haven’t been approved, secured, or monitored by your organisation’s IT or compliance teams. Tools like ChatGPT, Gemini, and Claude are increasingly being used by employees to summarise data, draft documents, or support decision-making — often with good intentions, but without proper oversight.
According to Intapp’s 2025 Technology Perceptions Survey, 50% of professionals have used unauthorised AI tools at work. That’s not a fringe problem — it’s half your workforce.
The implication? Sensitive client information, confidential firm data, and even employee interactions could be flowing through systems you don’t control, can’t audit, and may not comply with industry regulations.
Why It’s Happening
Shadow AI is rarely malicious. It’s a symptom of deeper problems:
- 68% of professionals say they could do a better job if they had better technology.
- Only 32% feel they have the tools they need to do their job effectively.
- Many employees are under pressure to work faster, reduce manual effort, and produce better results — and AI offers a tempting shortcut.
In short, professionals are reaching for tools that help them get work done. But they’re doing so outside your organisation’s risk framework.
The Risks of Shadow AI
- Data Security Breaches: Public AI tools are not designed for enterprise-grade confidentiality. When staff paste internal documents, client information, or financial data into a consumer AI interface, you lose control of that data. It may be stored, logged, or used to train future models, even if disclaimers suggest otherwise. In sectors with strict confidentiality obligations — such as law and finance — this represents a serious breach of client trust.
- Regulatory and Legal Exposure: Using unvetted GenAI tools can violate GDPR, FCA, HIPAA, or SRA rules — even unintentionally. With regulatory scrutiny increasing, compliance is no longer a background concern. It’s a board-level issue. Firms that fail to implement safe AI practices risk financial penalties, lost accreditations, or legal liability if sensitive data leaks or biased outputs cause harm.
- Inconsistent Client Outcomes: Generative AI, when used without proper grounding or domain-specific data, can produce inaccurate or misleading outputs. If employees are generating reports, recommendations, or documents with unvalidated tools, client-facing quality may suffer — undermining your reputation and professionalism.
- Loss of Institutional Knowledge: Shadow AI operates outside of your knowledge ecosystem. Insights generated via external tools aren’t stored, tracked, or shared across teams. This leads to duplicated effort, inconsistent outputs, and fragmented know-how.
It’s Not Just About Risk — It’s a Missed Strategic Opportunity
Despite these risks, the value of AI is undeniable. The Intapp report found that:
- 82% of professionals say AI-generated work is at least as good as their own.
- AI is helping teams save time, improve accuracy, and reallocate effort towards higher-value activities like strategic planning and client work.
- Access to AI tools now influences recruitment and retention, with over half of Gen Z and millennial professionals stating it affects where they choose to work.
Firms that fail to provide secure AI tools are not only falling behind — they’re becoming less attractive to the next generation of talent.
How Kalisa Helps You Use AI Securely and Effectively
Kalisa is built specifically for regulated and security-conscious sectors. It enables you to embrace the productivity benefits of AI — without compromising compliance, confidentiality, or control.
Here’s how:
- Private by Design: Kalisa doesn’t train on your data. Ever. It runs in secure, sandboxed environments that ensure full data isolation, meeting the strictest standards for data protection in the UK and EEA.
- Customisable AI Agents: Rather than relying on generic models, Kalisa lets you build agents using your organisation’s own knowledge. The result? AI that speaks your language, follows your policies, and delivers answers you can trust.
- Auditable and Transparent: With Kalisa, every interaction is logged, traceable, and auditable. You can see how AI was used, what data was referenced, and who accessed what. This makes internal reviews, client reporting, and regulatory inspections straightforward.
- Easy to Deploy and Scale: Kalisa requires no technical expertise. It’s a fully supported platform that integrates with your existing systems or operates standalone. You can roll out AI to your teams confidently — with full visibility and central control.
What Good Looks Like: Moving from Shadow AI to Strategic AI
To reduce risk and unlock the full potential of AI, firms should take three immediate steps:
1. Acknowledge the Reality
Start with the assumption that your people are already using AI — whether it’s authorised or not. Open the conversation internally, and gather data on how AI is being used across teams.
2. Close the Governance Gap
Set clear policies around AI usage. But don’t just say “no” — offer secure alternatives. Banning public tools without providing better options only pushes usage further underground.
3. Empower with the Right Platform
Give your team AI tools that are safe, secure, and aligned with your standards. Platforms like Kalisa ensure that AI is an asset — not a liability — across your operations.
Final Thought: AI Governance Is Now a Strategic Priority
Shadow AI is a warning sign. It reveals a growing disconnect between organisational policy and professional reality. It also presents an urgent leadership challenge: to balance innovation with control, and productivity with protection.
Firms that act now will gain a competitive edge — not only by reducing risk, but by creating more efficient teams, better client experiences, and more attractive workplaces for future talent.
* This article's cover image is generated by AI